Skip to main content

Hackers injected malicious code into several Chrome extensions in recent attack

By

Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. The cybersecurity company Cyberhaven shared in a blog post this weekend that its Chrome extension was compromised on December 24 in an attack that appeared to be “targeting logins to specific social media advertising and AI platforms.” A few other extensions were hit as well, going back to mid-December, Reuters reported. According to Nudge Security’s Jaime Blasco, that includes ParrotTalks, Uvoice and VPNCity.

Cyberhaven notified its customers on December 26 in an email seen by TechCrunch, which advised them to revoke and rotate their passwords and other credentials. The company’s initial investigation of the incident found that the malicious extension targeted Facebook Ads users, with a goal of stealing data such as access tokens, user IDs and other account information, along with cookies. The code also added a mouse click listener. “After successfully sending all the data to the [Command & Control] server, the Facebook user ID is saved to browser storage,” Cyberhaven said in its analysis. “That user ID is then used in mouse click events to help attackers with 2FA on their side if that was needed.”

Cyberhaven said it first detected the breach on December 25 and was able to remove the malicious version of the extension within an hour. It’s since pushed out a clean version.

This article originally appeared on Engadget at https://ift.tt/Y6qfgOy

from Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics https://ift.tt/Y6qfgOy
via IFTTT

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Instagram accidentally reinstated Pornhub’s banned account

By
After years of on-and-off temporary suspensions, Instagram permanently banned Pornhub’s account in September. Then, for a short period of time this weekend, the account was reinstated. By Tuesday, it was permanently banned again. “This was done in error,” an Instagram spokesperson told TechCrunch. “As we’ve said previously, we permanently disabled this Instagram account for repeatedly violating our policies.” Instagram’s content guidelines prohibit  nudity and sexual solicitation . A Pornhub spokesperson told TechCrunch, though, that they believe the adult streaming platform’s account did not violate any guidelines. Instagram has not commented on the exact reasoning for the ban, or which policies the account violated. It’s worrying from a moderation perspective if a permanently banned Instagram account can accidentally get switched back on. Pornhub told TechCrunch that its account even received a notice from Instagram, stating that its ban had been a mistake (that message itse...
Post a Comment
Read more

California Gov. Newsom vetoes bill SB 1047 that aims to prevent AI disasters

By
California Gov. Gavin Newsom has vetoed bill SB 1047, which aims to prevent bad actors from using AI to cause "critical harm" to humans. The California state assembly passed the legislation by a margin of 41-9 on August 28, but several organizations including the Chamber of Commerce had urged Newsom to veto the bill . In his veto message on Sept. 29, Newsom said the bill is "well-intentioned" but "does not take into account whether an Al system is deployed in high-risk environments, involves critical decision-making or the use of sensitive data. Instead, the bill applies stringent standards to even the most basic functions - so long as a large system deploys it."  SB 1047 would have made the developers of AI models liable for adopting safety protocols that would stop catastrophic uses of their technology. That includes preventive measures such as testing and outside risk assessment, as well as an "emergency stop" that would completely shut down...
Post a Comment
Read more

If only your bike had a trunk. Oh wait, now it does.

By
Just to let you know, if you buy something featured here, Mashable might earn an affiliate commission. Biking is one of the best ways to get around, especially if you live in a city. It's quick, it's eco-friendly, and you get a bit of exercise.  If you already commute on two wheels or are thinking of starting, there's a storage device you kinda need. SEE ALSO: This bamboo keyboard combo adds a touch of tranquility to your workspace The Buca Boot is a pretty magical two-in-one hybrid: It’s a super secure storage box for your bike that works like the trunk of a car. You can lock your helmet or whatever else in it and leave it safely behind. It’s also a basket—open it up, and you can carry a bouquet of flowers and a baguette like the picturesque cyclist of your dreams.    Read more... More about Storage , Car , Bicycle , Trunk , and Cyclist from Mashable http://ift.tt/2eHNwLB via IFTTT
Post a Comment
Read more